CVE-2022-42115

MEDIUM

Liferay Portal 7.4.3.4-7.4.3.36 - Stored Cross-Site Scripting in Object Module Label Field

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.

References (2)

Core 2

Core References

Product

http://liferay.com

Patch, Vendor Advisory

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42115

Scores

CVSS v3 5.4

EPSS 0.0020

EPSS Percentile 41.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

com.liferay/com.liferay.object.web 0 - 1.0.99Maven

liferay/liferay_portal 7.4.3.4 - 7.4.3.37

Published Oct 18, 2022

Tracked Since Feb 18, 2026